
A Generalized Linear Mixed Model for Data Breaches and Its Application in Cyber Insurance

Author

Listed:
  • Meng Sun

    (Department of Statistics and Actuarial Science, Simon Fraser University, 8888 University Drive, Burnaby, BC V5A 1S6, Canada)

  • Yi Lu

    (Department of Statistics and Actuarial Science, Simon Fraser University, 8888 University Drive, Burnaby, BC V5A 1S6, Canada)

Abstract

Data breach incidents result in severe financial loss and reputational damage, which raises the importance of using insurance to manage and mitigate cyber-related risks. We analyze the data breach chronology collected by Privacy Rights Clearinghouse (PRC) since 2001 and propose a Bayesian generalized linear mixed model for data breach incidents. Our model captures the dependency between frequency and severity of cyber losses and the behavior of cyber attacks on entities across time. Risk characteristics such as types of breach, types of organization, entity locations in chronology, as well as time trend effects are taken into consideration when investigating breach frequencies. Estimations of model parameters are presented under a Bayesian framework using a combination of the Gibbs sampler and the Metropolis–Hastings algorithm. Predictions and implications of the proposed model in enterprise risk management and cyber insurance rate filing are discussed and illustrated. We find that it is feasible and effective to use our proposed NB-GLMM for analyzing the number of data breach incidents with uniquely identified risk factors. Our results show that both geological location and business type play significant roles in measuring cyber risks. The outcomes of our predictive analytics can be utilized by insurers to price their cyber insurance products, and by corporate information technology (IT) and data security officers to develop risk mitigation strategies according to a company’s characteristics.

Suggested Citation

  • Meng Sun & Yi Lu, 2022. "A Generalized Linear Mixed Model for Data Breaches and Its Application in Cyber Insurance," Risks, MDPI, vol. 10(12), pages 1-23, November.
  • Handle: RePEc:gam:jrisks:v:10:y:2022:i:12:p:224-:d:981498

    Download full text from publisher

    File URL: https://www.mdpi.com/2227-9091/10/12/224/pdf
    Download Restriction: no

    File URL: https://www.mdpi.com/2227-9091/10/12/224/
    Download Restriction: no

    References listed on IDEAS

    1. Kshetri, Nir, 2020. "The evolution of cyber-insurance industry and market: An institutional analysis," Telecommunications Policy, Elsevier, vol. 44(8).
    2. Antonio, Katrien & Beirlant, Jan, 2007. "Actuarial statistics with generalized linear mixed models," Insurance: Mathematics and Economics, Elsevier, vol. 40(1), pages 58-76, January.
    3. Bessy-Roland, Yannick & Boumezoued, Alexandre & Hillairet, Caroline, 2021. "Multivariate Hawkes process for cyber insurance," Annals of Actuarial Science, Cambridge University Press, vol. 15(1), pages 14-39, March.
    4. Garrido, José & Zhou, Jun, 2009. "Full Credibility with Generalized Linear and Mixed Models," ASTIN Bulletin, Cambridge University Press, vol. 39(1), pages 61-80, May.
    5. Spencer Wheatley & Thomas Maillart & Didier Sornette, 2016. "The extreme risk of personal data breaches and the erosion of privacy," The European Physical Journal B: Condensed Matter and Complex Systems, Springer;EDP Sciences, vol. 89(1), pages 1-12, January.
    6. T. Maillart & D. Sornette, 2010. "Heavy-tailed distribution of cyber-risks," The European Physical Journal B: Condensed Matter and Complex Systems, Springer;EDP Sciences, vol. 75(3), pages 357-364, June.

    Citations


    Cited by:

    1. Shengkun Xie & Chong Gan, 2023. "Estimating Territory Risk Relativity Using Generalized Linear Mixed Models and Fuzzy C-Means Clustering," Risks, MDPI, vol. 11(6), pages 1-20, May.

    Most related items

    These are the items that most often cite the same works as this one and are cited by the same works as this one.
    1. Gareth W. Peters & Matteo Malavasi & Georgy Sofronov & Pavel V. Shevchenko & Stefan Trück & Jiwook Jang, 2023. "Cyber loss model risk translates to premium mispricing and risk sensitivity," The Geneva Papers on Risk and Insurance - Issues and Practice, Palgrave Macmillan;The Geneva Association, vol. 48(2), pages 372-433, April.
    2. Farkas, Sébastien & Lopez, Olivier & Thomas, Maud, 2021. "Cyber claim analysis using Generalized Pareto regression trees with applications to insurance," Insurance: Mathematics and Economics, Elsevier, vol. 98(C), pages 92-105.
    3. Kjartan Palsson & Steinn Gudmundsson & Sachin Shetty, 2020. "Analysis of the impact of cyber events for cyber insurance," The Geneva Papers on Risk and Insurance - Issues and Practice, Palgrave Macmillan;The Geneva Association, vol. 45(4), pages 564-579, October.
    4. Daniel Zängerle & Dirk Schiereck, 2023. "Modelling and predicting enterprise-level cyber risks in the context of sparse data availability," The Geneva Papers on Risk and Insurance - Issues and Practice, Palgrave Macmillan;The Geneva Association, vol. 48(2), pages 434-462, April.
    5. Alessandro Mazzoccoli, 2023. "Optimal Cyber Security Investment in a Mixed Risk Management Framework: Examining the Role of Cyber Insurance and Expenditure Analysis," Risks, MDPI, vol. 11(9), pages 1-14, August.
    6. Zängerle, Daniel & Schiereck, Dirk, 2022. "Modelling and predicting enterprise‑level cyber risks in the context of sparse data availability," Publications of Darmstadt Technical University, Institute for Business Studies (BWL) 136276, Darmstadt Technical University, Department of Business Administration, Economics and Law, Institute for Business Studies (BWL).
    7. Daouia, Abdelaati & Stupfler, Gilles & Usseglio-Carleve, Antoine, 2023. "Bias-reduced and variance-corrected asymptotic Gaussian inference about extreme expectiles," TSE Working Papers 23-1444, Toulouse School of Economics (TSE), revised Nov 2023.
    8. Alessandro Mazzoccoli & Maurizio Naldi, 2022. "An Overview of Security Breach Probability Models," Risks, MDPI, vol. 10(11), pages 1-29, November.
    9. Domenico Giovanni & Arturo Leccadito & Marco Pirra, 2021. "On the determinants of data breaches: A cointegration analysis," Decisions in Economics and Finance, Springer;Associazione per la Matematica, vol. 44(1), pages 141-160, June.
    10. Eling, Martin & Loperfido, Nicola, 2017. "Data breaches: Goodness of fit, pricing, and risk measurement," Insurance: Mathematics and Economics, Elsevier, vol. 75(C), pages 126-136.
    11. Spencer Wheatley & Annette Hofmann & Didier Sornette, 2021. "Addressing insurance of data breach cyber risks in the catastrophe framework," The Geneva Papers on Risk and Insurance - Issues and Practice, Palgrave Macmillan;The Geneva Association, vol. 46(1), pages 53-78, January.
    12. Jevtić, Petar & Lanchier, Nicolas, 2020. "Dynamic structural percolation model of loss distribution for cyber risk of small and medium-sized enterprises for tree-based LAN topology," Insurance: Mathematics and Economics, Elsevier, vol. 91(C), pages 209-223.
    13. Kjartan Palsson & Steinn Gudmundsson & Sachin Shetty, 0. "Analysis of the impact of cyber events for cyber insurance," The Geneva Papers on Risk and Insurance - Issues and Practice, Palgrave Macmillan;The Geneva Association, vol. 0, pages 1-16.
    14. Benjamin Avanzi & Xingyun Tan & Greg Taylor & Bernard Wong, 2023. "Cyber Insurance Risk: Reporting Delays, Third-Party Cyber Events, and Changes in Reporting Propensity -- An Analysis Using Data Breaches Published by U.S. State Attorneys General," Papers 2310.04786, arXiv.org.
    15. Malavasi, Matteo & Peters, Gareth W. & Shevchenko, Pavel V. & Trück, Stefan & Jang, Jiwook & Sofronov, Georgy, 2022. "Cyber risk frequency, severity and insurance viability," Insurance: Mathematics and Economics, Elsevier, vol. 106(C), pages 90-114.
    16. Omer Ilker Poyraz & Mustafa Canan & Michael McShane & C. Ariel Pinto & T. Steven Cotter, 2020. "Cyber assets at risk: monetary impact of U.S. personally identifiable information mega data breaches," The Geneva Papers on Risk and Insurance - Issues and Practice, Palgrave Macmillan;The Geneva Association, vol. 45(4), pages 616-638, October.
    17. Bennet Skarczinski & Mathias Raschke & Frank Teuteberg, 2023. "Modelling maximum cyber incident losses of German organisations: an empirical study and modified extreme value distribution approach," The Geneva Papers on Risk and Insurance - Issues and Practice, Palgrave Macmillan;The Geneva Association, vol. 48(2), pages 463-501, April.
    18. Alicja Wolny-Dominiak & Tomasz Żądło, 2021. "The Measures of Accuracy of Claim Frequency Credibility Predictor," Sustainability, MDPI, vol. 13(21), pages 1-13, October.
    19. Hillairet, Caroline & Lopez, Olivier & d'Oultremont, Louise & Spoorenberg, Brieuc, 2022. "Cyber-contagion model with network structure applied to insurance," Insurance: Mathematics and Economics, Elsevier, vol. 107(C), pages 88-101.
    20. Ulrik Franke & Amanda Hoxell, 2020. "Observable Cyber Risk on Cournot Oligopoly Data Storage Markets," Risks, MDPI, vol. 8(4), pages 1-15, November.
